检查用户是管理员还是正常用户

时间:2014-09-20 18:02:56

标签: php html sql pdo admin

我在检查用户是否为数据库管理员时遇到问题。我是这样做的,如果admin的用户配置文件的值为1,那么它们是管理员并被重定向到管理页面,如果不是,它们被重定向到登录页面。但是我在数据库中为我的个人帐户提供了值1,但它仍然将我重定向到登录页面。

我已经在下面给出了我的代码,看看我是否做错了,请告诉我,因为我刚开始学习PHP。

<?php 
session_start();
// First we cubrid_execute(conn_identifier, SQL)te our common code to connection to the database and start the session 
require("include/common.php"); 

$admin = $_POST['admin'];
$user = $_POST['username'];

// At the top of the page we check to see whether the user is logged in or not 
if(empty($_SESSION['user'])) 
{ 
    // If they are not, we redirect them to the login page. 
    header("Location: login.php"); 

    // Remember that this die statement is absolutely critical.  Without it, 
    // people can view your members-only content without logging in. 
    die("Redirecting to login.php"); 
} 

// Everything below this point in the file is secured by the login system 

// We can retrieve a list of members from the database using a SELECT query. 
// In this case we do not have a WHERE clause because we want to select all 
// of the rows from the database table. 
$query = " 
    SELECT *
    FROM users 
"; 

try 
{ 
    // These two statements run the query against your database table. 
    $stmt = $db->prepare($query); 
    $stmt->execute(); 
} 
catch(PDOException $ex) 
{ 
    // Note: On a production website, you should not output $ex->getMessage(). 
    // It may provide an attacker with helpful information about your code.  
    die("Failed to run query: " . $ex->getMessage()); 
} 

// Finally, we can retrieve all of the found rows into an array using fetchAll 
$rows = $stmt->fetchAll();

if ($admin == 1) {
    $_SESSION['username'] = $user;
    header("location: memberlist.php");
} 

if ($admin == 0) {
    $_SESSION['username'] = $user;
    header("location: login.php");
}

1 个答案:

答案 0 :(得分:0)

纠正你的代码首先:

试试这个:

if ($admin == 1) {
    $_SESSION['admin'] = $admin;   //put you admin in session
    header("location: memberlist.php");
} 

if ($admin == 0) {
    $_SESSION['user'] = $user;      //here put your user in session
    header("location: login.php");
}



if(empty($_SESSION['user'])) //if user is empty then it redirects to login page
{ 

    header("Location: login.php"); 


    die("Redirecting to login.php"); 
} 
else if(!empty($_SESSION['admin']))   //if admin is not empty it goes to admin area
{

     header("location: memberlist.php");
}

else if(!empty($_SESSION['user']))   //same here if user is present,then it leads to user area
{


    header("Location: user.php"); 
}
相关问题
最新问题